North Korean cybercriminals allegedly targeted South Korean ministers in a crypto hacking campaign last year, according to police officials in Seoul. They claim to have seized a server used in the attempted attacks and discovered two cryptocurrency wallet addresses on it. With transactions totaling nearly $1,600, authorities are continuing to investigate whether these campaigns were attempts to steal funds.
It’s not the first time Pyongyang has been blamed for high-profile attacks on South Korean crypto targets. In the past, accusations have included targeting major exchanges south of the DMZ and individual cryptocurrency users. Evidence discovered on the server suggests that the North Korean hacking organization Kimsuky sent phishing emails to South Korean officials in mid-2022, including foreign affairs and security experts as well as former and current high-ranking officials.
Among the nine individuals targeted, there were two former ministerial-level officials, one vice-ministerial-level official, four academic experts, one incumbent executive-level official, and one journalist. Kimsuky also reportedly lured dozens of security experts to a phishing site with the intent of obtaining sensitive information. Some hackers even posed as students or individuals seeking professional opinions on their work.
This cyberattack campaign is said to have taken place from April to July last year, coinciding with the inauguration of President Yoon Seok-yeol’s government. The recent revelations about Kimsuky’s activities follow a report from security provider Sentinel Labs that the hacking group is specifically targeting analysts of North Korean affairs. The firm alleges that Kimsuky impersonated the English-language, North Korea-focused media outlet NK News to steal its credentials.
Moreover, a North Korean hacking group has been implicated in the theft of $35 million from the crypto wallet platform Atomic Wallet. Analytical firm Elliptic found that these stolen funds were moved to the crypto mixer Sinbad, which is believed to be a reboot of the Blender coin mixing platform.
While the potential for monetary gain is evident in these hacking campaigns, the fact that security and foreign affairs experts were targeted raises questions about the underlying political motives. It suggests that North Korea may not only be aiming for financial advantage but also seeking to access valuable information and cause disruptions in South Korea. Nevertheless, as investigations continue, it remains crucial for individual users and institutions alike to prioritize robust security measures to protect their sensitive information and assets.
Source: Cryptonews